Rebecca MacKinnon's postings about work, reading, and ideas from 2004-2011.

November 01, 2011

There has been a steady stream of headlines recently about the use of Western surveillance technology by repressive regimes. After the hacktivist group Telecomixexposed the use by Syria of filtering and surveillance devices manufactured by the California-based company Blue Coat last month, the company has finally acknowledged that at least thirteen of its devices are being used by Syria.

Today, The Guardian has an amazing article titled "Governments turn to hacking techniques for surveillance of citizens." It describes the annual Intelligence Support Systems (ISS) World Americas conference, at which surveillance firms share tips on the latest "lawful interception" techniques used to spy on citizens. The companies showed little concern for how this technology can be and is being abused around the world. An excerpt:

Jerry Lucas, the president of the company behind ISS World, TeleStrategies, does not deny surveillance developers that attend his conference supply to repressive regimes. In fact, he is adamant that the manufacturers of surveillance technology, such as Gamma International, SS8 and Hacking Team, should be allowed to sell to whoever they want.

"The surveillance that we display in our conferences, and discuss how to use, is available to any country in the world," he said. "Do some countries use this technology to suppress political statements? Yes, I would say that's probably fair to say. But who are the vendors to say that the technology is not being used for good as well as for what you would consider not so good?"

Would he be comfortable in the knowledge that regimes in Zimbabwe and North Korea were purchasing this technology from western companies? "That's just not my job to determine who's a bad country and who's a good country. That's not our business, we're not politicians … we're a for-profit company. Our business is bringing governments together who want to buy this technology."

The EFF has proposed a two-part "know your customer" framework for surveillance equipment:

Companies selling surveillance technologies to governments need to affirmatively investigate and "know your customer" before and during a sale. We suggest something for human rights similar to what most of these companies are already required to do under the Foreign Corrupt Practices Act and the export regulations for other purposes, and

Companies need to refrain from participating in transactions where their "know your customer" investigations reveal either objective evidence or credible concerns that the technologies provided by the company will be used to facilitate human rights violations.

Click here for further details. One of the broader problems, of course, is that the market for ever-more sophisticated surveillance equipment feeds unaccountable abuses of power not only by authoritarian regimes but also by democratic governments.

As long as engineers and companies claim to have no responsibility for the political context in which their inventions and products are used, the problem is going to grow worse. This problem has been exacerbated in the Internet age, but it has been around a lot longer. In a talk I gave last week at the Silicon Valley Human Rights Conference, I played a video clip from Tom Lehrer's early 1960's song about ex-Nazi rocket scientist Wernher von Braun:

October 27, 2011

Earlier this week, Google published an update of its Transparency Report, which among other things discloses the number of government requests received for user information as well as requests to remove content. The latest report contains more granular data than ever before, including the number of actual users targeted by the government requests. (China remains a black hole because releasing the data would break China's "state secrets" law and expose Chinese employees to prosecution.) As The Guardian points out, the data show a 70% increase in requests by the U.S. government or police. The company has also refused some takedown requests, including video of police brutality. In the first half of 2011, Brazil topped the list with the most requests for content removal, followed by Germany, the U.S., and South Korea.

I argue in my book that inadequate transparency and accountability at the nexus between state and corporate power is one of the most insidious threats to democracy in the Internet age. All Internet and telecommunications companies should be required to report regularly and systematically to the public on how content is policed, and under what circumstances it gets removed or blocked and at whose behest. All companies serious about building public credibility and trust should waste no time in following Google's lead.

Google still has a long way to go, however, when it comes to managing the development and rollout of its various services in a way that does not hurt its most vulnerable users. As I discuss in the book, implementation and enforcement of the real-name identity policy on Google Plus has thus far been a fiasco, resulting in dissidents and other vulnerable users around the world being booted from the service. Google's Senior VP of Social Vic Gundotra recently announced that the social network will "soon" provide support for pseudonyms and other forms of alternative identity not tied to people's government-issued ID. However it remains unclear what "soon" means.

Meanwhile, Google has announced that it will soon make major changes to Google Reader (an RSS reader used by many people to follow, manage, and share content from a large volume of news and blog feeds). Some of the social sharing functions will be eliminated and Reader will be integrated more closely into Google Plus. What Google staff apparently did not anticipate is how these changes will hurt some users including Iranian users struggling to share information despite harsh censorship. Because Google Reader is encrypted with https, it is harder for the Iranian government to block than most other overseas sites and services. As one Iranian blogger explains:

Google Reader acts like a news spreading website. Easy access to Google reader made it suitable for Iranian community and through all these years, specially after June 2009 election, developed an strong community for spreading the news.

Elimination of Reader's sharing functions will put an end to this. Even worse, if Reader is integrated with Google Plus before the company finds a way to accommodate pseudonymous users and other forms identity not tied to people's government-issued identity, Iranian users will be left even further in the cold.

October 20, 2011

On Sunday, Tunisia will hold elections for the constituent assembly that will be tasked with re-writing the country's constitution. While much of the news coverage focuses on the question of how well the Islamist parties will do in relation to the more secular political forces, reports are quoting election observers and human rights groups who are optimistic that people are serious about the process of holding a real election. While this first election is only the first step in a long and winding path that may or may not succeed in establishing a vibrant Arab democracy in North Africa, people are full of hope.

Censorship is a key subject in the Tunisian political discoure and debates. There have recently been protests by conservatives demanding censorship of all media including TV, film, and Internet and protests by liberals against censorship. After all Internet censorship was lifted when Ben Ali stepped down in January, some censorship of pornographic and incendiary web content returned in May, prompting heated debates over who has the authority to decide what goes on the censorship list and whether that power will inevitably be abused.

ATI (as the Tunisian Internet Agency is known according to its French acronym) was much reviled by activists under Ben Ali and nicknamed "Ammar 404" - the Arabic equivalent of "Joe 404," with "404" referring to the "404 page not found" error message that appears on browsers when a web page has been blocked. Now Mr. Chakchouk says he is trying to turn the agency into a "transparent" and "neutral" Internet exchange point (IXP) that can support a robust public discourse in an evolving new democracy. He wants to put an end to web filtering at the network level and instead provide tools and services for households to filter their home Internet if they so desire, without engaging in blanket censorship for the entire nation. In general, he believes that Tunisia must foster competition and innovation in Internet services. He wants Tunisia adopt global "best practices" in Internet governance.

After a Tunisian court ruled in May that some websites must be blocked, the ATI appealed the ruling twice, but lost both appeals. According to Jillian York it is making a further appeal to the highest court.

Click here for a video of his entire speech in French (perhaps somebody will give it English and Arabic subtitles at some point). Here is a shorter English interview he did immediately afterwards with Tunisia Online:

Whether Mr. Chakchouk will succeed or even keep his job, or whether the ATI will survive as an independent agency, Tunisian activists told me at the conference, will depend in no small part on the outcome of this weekend's elections and the continued political jockeying beyond.

Riadh Guerfali, co-founder of the citizen media platform Nawaat.org which played a key role in spreading protest information and who is now running as an independent candidate from his home town of Bizerte, has made Internet access and online free expression a key goal, as have many other former activists who are now running for office. On the other hand, there are other candidates - on both the left and the right - calling for Internet censorship as part of an effort to attract more conservative religious voters. Who will prevail in the election remains to be seen... and how the constituent assembly will choose to handle the questions of censorship and civil liberties when they write the constitution is even less clear.

"Information infrastructure is politics," writes Philip N. Howard of Washington State University in an excellent Brookings Institution report on authoritarian regimes and Internet controls. Tunisian politics over the coming year are likely to determine the shape of the country's information infrastructure - and decide just how different it will be from the past, or not. The shape of the infrastructure will in turn shape political discourse to the extent that it enables a full range of political viewpoints, debates, and even whistleblowing; or whether it enshrines censorship and surveillance mechanisms that can enable power-holders to subtly (or not so subtly) manipulate information and surveil Internet users.

October 16, 2011

In my forthcoming book (finalized in mid-August before Jobs stepped down and then passed away), I am critical of Apple and its approach to app censorship, its general lack of openness, and the potential long-term implications for freedom and democracy. Soon after Jobs announced his retirement and not long before he passed away, my friend Christine Bader wrote about the serious environmental and labor problems that stain Jobs' legacy.

That said, there is no question that Jobs' leadership and vision transformed not only personal computing but hundreds of millions of people's relationship with technology. People all over the world have good reason to feel strongly about the ways in which Apple computers and devices have enriched their lives. The emotional depth of the global reaction to his death has been stronger and more personal than global responses to the deaths of most world leaders. He touched the lives of all kinds of people in the most intimate and tangible ways. As I pointed out in the most recent edition of The Netizen Report, one pseudonymous Chinese Internet user spotted by the Wall Street Journal remarked: “This is the first time a foreigner’s death has been hard for me to take.” (See more Chinese netizen reaction here.) Global Voices rounded up reactions to Jobs' death from Africa, the Arab world, and the Caribbean. The dissident Cuban blogger Yoani Sanchez wrote about how Jobs' persistence and ingenuity in the face of his own hardships inspired her to persist in building her own home-made computer in the 1990's with which she eventually produced a university newsletter. Not all tributes are positive: Bloggers in Brazil, for instance, criticized Apple's lack of openness.

Global Voices' Fred Petrossian linked to this cartoon by the famous Iranian cartoonist Mana Neyestani:

Fred's translation: "An old man says to the 'Angel of Death' there are many dinosaurs in Iran and you go after 'red apples'."

This speaks to a point I make in the first chapter of my book about how new kinds of global constituencies are forming around certain brands of hardware, software, and virtual platforms created by multi-national companies like Apple, Facebook, Google, Twitter. Members of these global constituencies can hold strong and even emotionally-charged loyalties towards technologies that they have integrated into their lives and even identities. These overlapping loyalties and constituencies will increasingly compete and clash with loyalties and identities tied to the physical nation-state.

No government - not even the Western ones claiming to champion Internet freedom - is equipped to deal with the long-term consequences of this trend. But that doesn't mean that we should leave it to the world's multi-national technology companies to refashion global geopolitics to their own liking just because so many governments are not getting it right. We the world's netizens must work to make sure that the Internet, the geopolitical system, and the international economy evolve in a way that serves everybody's rights and interests, not just those of the most powerful one percent.

September 18, 2011

On Thursday I launched a new series of posts on Global Voices Advocacy called “The Netizen Report”: An overview of recent global developments related to the power dynamics between citizens, companies and governments on the Internet. I hope that these regular (probably quasi-weekly) reports can provide netizens around the world with useful information about who is seeking to influence and shape the digital platforms and networks we increasingly depend upon, and how. Armed with information, we are in a better position to defend our rights, and to make sure the Internet evolves in a manner that is compatible with free expression and dissent. The format and content of the report will evolve over the coming months based on reader feedback and author experimentation. Your comments and criticisms are welcome.

A global struggle for control of the Internet is now underway. At stake are no less than civil liberties, privacy and even the character of democracy in the 21st century.

Many commentators have debated whether the Internet is ultimately a force for freedom of expression and political liberation, or for alienation, and repression. Rebecca MacKinnon moves the debate about the Internet’s political impact to a new level. It is time, she says, to stop arguing over whether the Internet empowers individuals and societies, and address the more fundamental and urgent question of how technology should be structured and governed to support the rights and liberties of all the world’s Internet users.

Drawing upon two decades of experience as an international journalist, co-founder of the citizen media network Global Voices, Chinese Internet censorship expert, and Internet freedom activist, MacKinnon offers a framework for concerned citizens to understand the complex and often hidden power dynamics amongst governments, corporations, and citizens in cyberspace. She warns that a convergence of unchecked government actions and unaccountable company practices threatens the future of democracy and human rights around the world.

Consent of the Networked is a call to action: Our freedom in the Internet age depends on whether we defend our rights on digital platforms and networks in the same way that people fight for their rights and accountable governance in physical communities and nations. It is time to stop thinking of ourselves as passive “users” of technology and instead act like citizens of the Internet – as netizens – and take ownership and responsibility for our digital future.

Here is a TED talk I gave in July which focuses on parts of the book's argument:

...and yes, I hope to start blogging again now that the thing is done. I will also continue to post as @rmack on Twitter, and probably in a few other places as well.

October 15, 2010

I am pleased to announce that Basic Books has agreed to publish my first book, Consent of the Networked, a concerned citizen's guide to the future of freedom in the Internet age.

If all goes according to plan, the book will be published in late 2011 or 2012.UPDATE ON FEB. 20, 2011: Publication date is now set for January 10, 2012.

I am grateful to John and Max Brockman of Brockman, Inc. for getting me this far.

Now it's up to me to get the thing written. I am one of those people who get easily distracted and who need long periods of focused, undisturbed time in order to produce quality long-form writing. I haven't been blogging all that much lately anyway, but I've decided that it's time to stop blogging completely until the full draft manuscript is completed in March, or possibly until the whole thing is revised and finalized in June.

Meanwhile, you can still find me during writing breaks at @rmack on Twitter, where I will be keeping up with news and issues relevant to the book. News about the book's precise publication date - when I have it - will be posted on this blog. I've also set up an informal Facebook group which people can join to receive updates. When things get farther along - and once I'm certain that the title won't change, or if it changes - I will set up a more formal website and Facebook promotional page. So please stay tuned. I look forward to resuming a robust conversation about my usual issues on this blog and elsewhere as the book goes into production.

September 27, 2010

We will promote new tools of communication so people are empowered to connect with one another and, in repressive societies, to do so with security. We will support a free and open Internet, so individuals have the information to make up their own minds. And it is time to embrace and effectively monitor norms that advance the rights of civil society and guarantee its expansion within and across borders.

It appears that "in repressive societies" was an important qualifier when it comes to the question of who does or doesn't deserve access to secure communications tools. He apparently supports helping Chinese dissidents and Iranian activists communicate with one another in a secure manner that evades government surveillance. But if his administration gets its way, Americans may lose the ability to evade surveillance in their own country. According to today's New York Times, the Obama administration plans to propose legislation requiring all digital communications services to enable interception of user communications. We haven't seen any draft text, but based on what the article says, it appears that services based on end-to-end encryption - and which are thus designed to be un-tappable - would effectively become illegal in the United States. This is particularly ironic given that the United States government helps to fund anonymity tools like Tor.

Civil liberties groups, human rights activists, and other supporters of free speech have been quick to voice their concerns. Here are a few choice excerpts:

...In the past ten years, even as the U.S. government has sought (or simply taken) vastly expanded surveillance powers, it never attempted to ban the development and use of secure encryption.

Now the government is again proposing to do so, following in the footsteps of regimes like the United Arab Emirates that have recently said some privacy tools are too secure and must be kept out of civilian hands.

Glen Greenwald puts it bluntly: "the U.S. Government is taking exactly the position of the UAE and the Saudis: no communications are permitted to be beyond the surveillance reach of U.S. authorities."

Cato's Julian Sanchez points out that requiring service providers to "design their systems for breach" is "massively stupid from a security perspective":

.. while the Communications Assistance for Law Enforcement Act (CALEA) already requires phone and broadband providers to build in interception capacity at their network hubs, this proposed requirement—at least going on the basis of the press description, since there’s no legislative text yet—is both broader and more drastic. It appears that it would apply to the whole panoply of online firms offering secure communication services, not just big carriers, imposing a greater relative burden. More importantly, it’s not just mandating that already-centralized systems install a government backdoor. Rather, if I understand it correctly, the proposal would insist on a centralized(and therefore less secure) architecture for secure communications, as opposed to an end-to-end model where encryption is handled client-side. In effect, the government is insisting on the right to make a macro-design choice between competing network models for thousands of companies.

In other words, the whole industry - at least all parts of the industry interested in legally serving American customers and users - would have to bake surveillance capability into their architecture. This in turn will make it even easier for all kinds of regimes to track online conversations, and provides precedent for all governments to ban encryption themselves - effectively killing the President's dream that "people in repressive societies" could connect with one another "with security."

Greenwald and others point out that the New York Times report is even more alarming when read alongside today's Washington Post report that the Obama administration wants to require U.S. banks to report all transfers being made in and out of the country, no matter how small. Greenwald writes:

Leave aside the fact that endlessly increasing government surviellance is not only ineffective in detecting Terrorist plots and other crimes, but isactually counterproductive, as it swamps the Government with more data than it can possibly process and manage. What these Obama proposals illustrates is just how far we've descended in the security/liberty debate, where only the former consideration has value, while the latter has none. Whereas it was once axiomatic that the Government should not spy on citizens who have done nothing wrong, that belief is now relegated to the civil libertarian fringes. Concerns about privacy were once the predominant consensus of mainstream American political thought.

This Bill would give the Attorney General the power to blacklist domain names of sites “offering or providing access to” unauthorized copyrighted works “in complete or substantially complete form, by any means, including by means of download, transmission, or otherwise, including the provision of a link or aggregated links to other sites or Internet resources for obtaining such copies for accessing such performance or displays”; as well as those offering items with counterfeit trademarks. The AG could obtain court orders, through “in rem” proceedings against the domains, enjoining the domain name registrars or registries from resolving the names. Moreover, in the case of domains without a U.S. registrar or registry, other service providers, financial transaction providers, and even advertising servers could be caught in the injunctive net.

While the Bill makes a nod to transparency by requiring publication of all affected domain names, including those the Department of Justice “determines are dedicated to infringing activities but for which the Attorney General has not filed an action under this section,” it then turns that information site into a invitation to self-censorship, giving legal immunity to all who choose to block even those names whose uses’ alleged illegality has not been tested in court. (Someone who is listed must petition, under procedures to be determined by the AG, to have names removed from the list.)

Finally, the statute’s warped view — that allegations of infringement can only be good — is evident in the public inputs it anticipates. The public and intellectual property holders shall be invited to provide information about “Internet sites that are dedicated to infringing activities,” but there is no provision for the public to complain of erroneous blockage or lawful sites mistakenly or maliciously included in the blacklist.

Hollywood likes the Bill. Unfortunately, there’s plenty of reason to believe that allegations of infringement will be misused here in the United States. Even those who oppose infringement of copyright and trademark (myself included) should oppose this censorious attempt to stop it.

Internet governance expert Milton Mueller calls it the Great Firewall of America. The EFF says the bill "runs roughshod over freedom of speech on the Internet" is "designed to undermine basic Internet infrastructure," and "sends the world the message that the United States approves of unilateral Internet censorship."

A Senate staffer told me today that it's meant to be a "jobs bill" - to defend American industry against job losses caused by intellectual property violations.

The free and open Internet is threatened by authoritarian governments, it goes without saying. But we have an even bigger problem when the elected leaders of democracies, in pursuing various aspects of "the national interest" - national security, law enforcement, child protection, intellectual property protection, et cetera - repeatedly turn to solutions that are inimical to the survival of a free and open global Internet.

How do we break this vicious cycle? Until we do, we shouldn't be surprised when beleaguered dissidents in repressive regimes don't trust us. Expect to see a lot more critiques like "The Internet Freedom fallacy" by Global Voices Advocacy director and exiled Tunisian activist Sami Ben Gharbia.

September 14, 2010

Many companies go on the defensive or go into denial mode, head-in-the-sand mode, and even petulant adolescent mode when confronted by reports like this one in the Sunday New York Times. Not Microsoft. In the face of clear evidence that Microsoft has been used by Russian authorities to crack down on activists under a thinly veiled pretext of intellectual property enforcement, Microsoft reacted in a grown-up, responsible manner. Senior Vice President and General Counsel Brad Smith wrote a long blog post the very next day in which Microsoft accepted full responsibility and accountability for what has happened in Russia, launched an independent investigation, and announced that Microsoft will release a free blanket license for use of Microsoft software by non governmental organizations and take further measures to prevent authorities from raiding NGO offices on vague allegations of using pirated Microsoft software. The NYT follow-up story is here.

We've yet to see the text of the new blanket license. My understanding is that it will not be for global use, but rather is an emergency measure for use in specific countries where the kind of problem described in the NYT story has happened or is seriously likely to happen. Microsoft already has an existing program to donate free and legal software to NGO's which organizations all around the world can avail themselves of.

As a member of the Global Network Initiative (on whose board of directors I currently sit) Microsoft is coordinating closely with several human rights groups to try to ensure that the word gets out about the new blanket license as well as the existing software donation program, and is showing seriousness about making sure that vulnerable groups get the legal information and access to legal advice that they require. Efforts are also being made to make clear to authorities that Microsoft's concerns about piracy should not be used as a tool to crack down on political activism.

While Microsoft has received deserved praise and positive press for its rapid response, it is not escaping criticism. Alan Wexelblat at Copyfight points out correctly that human rights groups have been discussing the over-all problem with Microsoft for some time, but that Microsoft did not act forcefully enough until the bad publicity spurred them into action.

Unfortunately, this is the kind of thing that can happen with a big multinational corporation whose bread and butter depends on the sale of intellectual property. One can easily imagine how the people whose job it is to implement the company's GNI commitments to institutionalize respect and concern for human rights throughout all far-flung branches of Microsoft were not nearly as visible, audible, or powerful in the eyes of Microsoft's local employees and legal counsel compared to those sending a very strong message - with very concrete sets of incentives and disincentives - from headquarters about the need to combat software piracy. Of course, piracy is rampant in Russia and many other countries where human rights violations also happen to be rampant.

Intellectual property law professor Michael Geist discusses the broader problem of messaging and priorities not only by American multinationals but also by the U.S. government, whose trade policies are shaped by heavy lobbying by U.S. companies who are pushing for stronger global IP protections:

While the Microsoft response is a good one, it must be noted the abuse of IP enforcement is surely connected to efforts by the U.S. government and copyright lobby groups to actively encourage Russia to increase its IP enforcement. The US has regularly cited Russia in its Special 301 report, this year including it on the Priority Watch list. The IIPA, the industry lobby group that includes software associations,pushed the U.S. to target Russia, saying that is imperative that prosecutors bring more IPR cases. In fact, the IIPA complained that Russian authorities do not seize enough computers when conducting raids. On top of all this is the Anti-Counterfeiting Trade Agreement, which will provide Russia with a template to follow on IP enforcement, including new seizure powers with less court oversight.

It has often been pointed out that the ACTA/Special 301 report approach seeks to export tougher enforcement measures - often to countries where free speech is not a given - without including the exceptions, due process, and balancing provisions. The recent Russian case highlights why this is such a dangerous and misguided approach that is apt to cause more problems than it solves.

Denise Howell at ZDNet adds her two cents about the controversial international treaty for intellectual property rights enforcement that the U.S. is negotiating with a select group of countries behind closed doors:

This story seems particularly timely given that finalization of the Anti-Counterfeiting Trade Agreement (ACTA) is imminent. Even without ACTA, a government in search of a pretext has all the tools it needs to ransack or seize computers in the name of protecting foreign copyright holders. ACTA promises to provide a whole new legal infrastructure and justification for such tactics, in addition to the myriad concerns it raises simply if enforced in a non-corrupt, as-intended manner

If the U.S. government's rhetoric about "Internet freedom" is sincere (and there are plenty of cynics who doubt it), it's time to stop sending contradictory, hypocritical messages about policy priorities - saying one thing and then acting in ways that send a rather different kind of message. Otherwise situations like the Microsoft Russia fiasco are just the beginning. It is essential that in the course of protecting intellectual property rights, due process, rule of law, and respect for free expression and privacy must be strengthened instead of eroded. Corporations and the trade negotiators who do their bidding need to understand that eroding democracy abroad and weakening it at home is an unacceptable price to pay for the protection of intellectual property. There has got to be a better and more balanced way forward. Policymakers are going to have to be much more innovative in their approaches to make sure that one policy isn't negating another. Companies need to adapt their business models and business practices not only to the irreversible realities of the Internet age, but also to a global business environment where markets are expanding fastest in places where corruption, thuggery and human rights violations are often the rule instead of the exception. That means taking a much more difficult, uncharted path forward. But the alternative is simply unacceptable.

If the copyright lobby gets their way with the Anti-Counterfeiting Trade Agreement (ACTA) or ifgovernments continue to act on the claim that "piracy" demands sweeping changes to Internet privacy and freedom, then we can generalize the New York Times headline — "Russia Uses Microsoft to Suppress Dissent" — into something we'll surely see more often: "Regime Uses Copyright Violations to Curtail Freedoms."

This episode should remind legislators and policymakers worldwide of the real risk that powers enacted in the name of copyright enforcement can to be used to do real harm. Ensuring balance in copyright law is not just good copyright policy — it's necessary to protect human rights and fundamental freedoms worldwide.

August 21, 2010

A lot is going on but unfortunately I've been too swamped with writing deadlines and other projects to do more than post short tweets on my Twitter feed.

I will be completely offline through Labor Day. My blogging hiatus may continue through September or possibly even October.

While I'm at it, I realize that I never made an announcement here, so I might as well do it now: This summer I moved to Washington, DC, where I will be a Schwartz Senior Fellow at the New America Foundation beginning in September.